The main piece of law in Nepal that governs the processing of personal data is the 2018 Nepal Data Protection Act (DPA). The Act was passed to ensure the safe and secure use of personal data as well as to safeguard the privacy and personal information of individuals in Nepal.
The Nepal Data Protection Act of 2018 has several important measures, including:
- All information that refers to a named or distinguishable natural person is considered personal data under the Act.
- To oversee the Act’s implementation and enforcement, the Act created a regulatory organization known as the “Data Protection Authority.”
- Individuals must explicitly consent before their personal information is collected, processed, or used for any purpose, according to the Act.
- The Act gives data subjects a number of rights, including the ability to see, update, and delete their personal information.
- Under the Act, data controllers and processors must implement reasonable safeguards to protect personal data from improper access, use, or disclosure.
- It places limitations on the export of personal information from Nepal.
Penalties, such as fines and imprisonment, may apply if provisions of the Nepal Data Protection Act 2018 are broken. Businesses and organizations operating in Nepal must make sure they abide by the Act’s rules while processing personal data, which has important ramifications.